Hello Experts,

I am not a Microsoft person but due to work situation I get involved in Microsoft connectivity issues. We have RDS site and we publish applications in the site . Users are given VPN access to the company site some users use their own laptops - non domain and some are in the domain. users connect to the company network via vpn and access the RDS site and can click on the icons that represent the application and it will launch a remoteapp for them.

I have two users with windows 10 , they connect  to the vpn and can login to the RDS site but when they launch the Remoteapp application  they get weird message but I tried from my personal laptop which is windows 7 and login as them and I was able to launch the applications with no issues. I wonder why is that.

The error message they get is Starting your app --> initiating remote connection , and a window pops up that shows
RemoteApp disconnected with red X
Remote desktop can't connect to the remote computer "xxxxx.domain.com" for one of the reasons:

1. your user account is not authorized to access the RD Gateway " xxxx.domain.com"
2. Your computer is not authorized to access the RD Gateway"xxxx.domain.com"
3. You are using an incompatible authentication method (for example, the RD Gateway might be expecting a smart card but you provided a password)

This error message does not show up when I use the windows 7 laptop. Does anyone know what is the problem and how to make this work for these users.…

I am trying to implement a VPN using my Netgear Nighthawk.  The client is OpenVPN and the configuration files are downloaded from the router, this includes the client certificate which seems to be the problem.  When I try to connect I get the following error in the log

Tue Nov 13 13:46:04 2018 Certificate does not have key usage extension
Tue Nov 13 13:46:04 2018 VERIFY KU ERROR
Tue Nov 13 13:46:04 2018 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Tue Nov 13 13:46:04 2018 TLS_ERROR: BIO read tls_read_plaintext error
Tue Nov 13 13:46:04 2018 TLS Error: TLS object -> incoming plaintext read error
Tue Nov 13 13:46:04 2018 TLS Error: TLS handshake failed

Looking around on the internet I don't find a clear explanation on how to correct the problem.

The client is loaded on Win 10 Pro, I don't know what else you might need to help me, let me know and I will try to get the info.

I set a group policy to allow remote desktop only from inside the network.

I set up some users to establish a VPN connection to the server’s VPN, with windows VPN service.

Will they be able to remote into their computer with remote desktop, once they establish a VPN connection, will they be considered as part from the network so the group policy will allow them to remote to their computer?

Server 2012

I have a user that connects to the office network (2012 AD Domain) from a Surface Book running Windows 10 PRO (machine is a domain member) using SonicWall VPN client programs, I tired both GVC and SSL VPN to resolve this issue.

The issue is her mapped drive to the file server does not connect all the time.  If she waits long enough it eventually connects.  

Sometimes rebooting the Surface Book fixes it, sometimes not.  

Her other mapped drives work fine and connect without issue.  All sharing and security is the same for the network shares.

When the drive is mapped like this: \\server-name\share-name it does not connect or takes a while to connect.

When the drive is mapped like this \\server-ip-address\share-name  it connects without issue.

I'm ok with using the IP address in the mapping path, but was wondering what might be the cause since I have 10+ other users who do not have the issue, some of whom have identical Surface books.

Is this a NetBIOS issue?  Is it possible her home router is not resolving NetBIOS names to IP addresses?  It works fine when she is on the office Wi-Fi which  uses a different  IP scheme than the network LAN.

Any help is appreciated.

Thanks,
cja

So we currently have a Cisco ASA 5512-X, v9.2.

We are currently on split tunnel for VPN, however, we want to move away from split tunnel as it causes routing issues for us to AWS.

Is there a good way for me to build out another VPN interface and apply new profiles/rules to test?

Hi,
I'am activating 2Steps verification on my firewall for my users vpn access and it needs to email my users the code. For this I need to allow my 192.168.1.1 to send email to my exchange 2016 192.168.1.10. this is relay to external and in Exchange 2003 i would have set that up in 5 seconds... but not in 2016...
I found a couple of "how-to's" which says parts of the work need to be done in command line and the other part in the web console (what a pain...) but my main unknown is that some says it has to be applied on the "receive connector" and others says it is the "send connector"..
http://msexchangeguru.com/2016/05/02/smtp-relay-connectors/
"send" https://www.youtube.com/watch?v=rMjHcN7jM_A

Some of the email are destined to my exchange own users mailbox but a few will go external at some gmails and others...

thanks for the info... I really don't want to open relay external to all ;)

Morning, I am trying to setup a Windows 2016 VPN via LT2P but keep getting the below error.
Anyone know what I can do to fix it?

During main mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.
Local Network Address:      172.16.0.139
Remote Network Address:      172.16.66.10
Keying Module Name:      IKEv1

Hello

I have two users set up in Actitive directory , user-a is in Group A and user-b is in group A and Group B

In the ASA LDAP mappings I have,

"User group A" mapped to "End user VPN profile" and "group B" mapped to "Admin user VPN profile".

However if either User A or B logs in they both get the end user profile. Is there any way to prioritise the profile assigment so that "user b " gets the admin profile and "User a" gets the end user one?

I feel like this should be possible or does each user need to be in a unique group? In the debug I can see the member of groups are being returned correctly, and I have copied and pasted from there to and the policy names to insure there are no miss types

I have a laptop with Windows 7 joined to a domain (Server 2012).   Often times (but not always) when it's off the corporate network and the user connects to the network via a sonicwall vpn and then attempts a RDP connection with their desktop on site (also Win 7) they get the message "There are currently no logon servers available to service the logon request".

I found a work around, and that is to login to the remote machine as the local domain administrator and then trying to login again as the regular user - it lets them right on.  I dont even have to let the admin login completely - usually get the warning that another users is connected and will lose their work appears and even clicking cancel and then trying the regular user - still lets them on.

For obvious reasons, I'd love to figure out and resolve rather than having to login as the admin prior to the user logging in.

We are using the Windows version of STunnel from https://www.stunnel.org/downloads.html.
The server install generated a certificate stunnel.pem.

We tried using it for the client with a configuration from below but it did not work.

cert = stunnel.pem
key = stunnel.pem
CAfile = <cername>.pem
CRLfile = <something here?>
sslVersion = TLSv1.2
 
1. Could you provide some step-by-step instructions on how to configure the Windows client to use the certificate?
We did configure TLSv1.2 on it.

2. What is the easiest way to test that STunnel is working?

3. If we would like to generate a more secure certificate from the server, how do we do it?
The STunnel documentation does not recommend using the default certificate.

Thanks,
Mihai